<?php
/**
 * @file functions.php
 * @version 0.2
 * @author LD <2009-10-28 14:24:56>
 * @desc 一些公用函数
 * 
 */
// Direct-access guard: this file is meant to be included by an entry script
// that has already defined ACCOUNT_INIT. Requested on its own, it stops here.
defined('ACCOUNT_INIT') or exit('Access Denied!');

  
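/**
 * Verify that the login state held in the session belongs to the current user.
 *
 * Access is granted only when:
 *  - the session flag account_dkb.dkb_pass is non-empty and equals -1 (no
 *    security password set) or 1 (security password set),
 *  - the session's verified UIN (account_arr.chk_uin) is present and identical
 *    to $gLD['user_id'], and
 *  - when dkb_pass is 1, the UIN recorded for the security-password step
 *    (account_dkb.dkb_uin) is identical to $gLD['user_id'] as well.
 *
 * Identifiers are compared as strings with ===. With ==, two missing values
 * compare equal (null == null), and on PHP versions before 8 a value such as
 * "10001abc" equals the integer 10001; either case would accept an identifier
 * that is not the verified one.
 * NOTE(review): $gLD['user_id'] looks like it round-trips through the request
 * (showHeader() writes it into links as uin=...) - confirm where it is set.
 *
 * @return int 0 when the session is valid for the current user; 1 (the
 *             default) when the caller should send the user to the login page.
 */
function validaStatus(){
	global $gLD;
	$anti = 1; // fail closed: stay on "go to login" unless every check below passes

	// Normalise the three identifiers to strings; anything missing or non-scalar becomes ''.
	$userId = (isset($gLD['user_id']) && is_scalar($gLD['user_id']))
		? (string) $gLD['user_id'] : '';
	$chkUin = (isset($_SESSION['account_arr']['chk_uin']) && is_scalar($_SESSION['account_arr']['chk_uin']))
		? (string) $_SESSION['account_arr']['chk_uin'] : '';
	$dkbUin = (isset($_SESSION['account_dkb']['dkb_uin']) && is_scalar($_SESSION['account_dkb']['dkb_uin']))
		? (string) $_SESSION['account_dkb']['dkb_uin'] : '';

	// An absent identifier must never match another absent identifier.
	if ($userId === '' || $chkUin === '' || $userId !== $chkUin) {
		return $anti;
	}

	if (!empty($_SESSION['account_dkb']['dkb_pass'])) {
		$dkbPass = $_SESSION['account_dkb']['dkb_pass'];
		if ($dkbPass == -1) { // no security password set
			$anti = 0;
		} elseif ($dkbPass == 1) { // security password set: that step must be for the same user
			if ($dkbUin === $userId) {
				$anti = 0; // login verified
			}
		}
	}

	return $anti;
}//END func validaStatus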

/**
 * Weak login check intended for AJAX requests.
 *
 * Only tests that both session markers (account_arr.chk_uin and
 * account_dkb.dkb_uin) are present and non-empty. Unlike validaStatus() it does
 * not compare them with each other or with the user id of the current request,
 * so it establishes "some login exists in this session", not "this session
 * belongs to the requested user". Handlers that rely on it should take the
 * acting user from the session rather than from request parameters.
 *
 * @return int 0 when both markers are present; 1 (the default) when the
 *             caller should send the user to the login page.
 */
function validaStatus4AJAX(){
	$hasChkUin = !empty($_SESSION['account_arr']['chk_uin']);
	$hasDkbUin = !empty($_SESSION['account_dkb']['dkb_uin']);

	return ($hasChkUin && $hasDkbUin) ? 0 : 1;
}//END func validaStatus4AJAX

/**
 * Normalise a submitted value: entity-encode, trim, addslashes, strip_tags.
 *
 * Steps, in order:
 *  1. strReplace() turns <, >, &, ' and " into HTML entities.
 *  2. trim() removes surrounding whitespace.
 *  3. addslashes() escapes what is still escapable. Quotes have already become
 *     entities, so in practice that is backslashes and NUL bytes.
 *  4. strip_tags() removes tags that are not on the allow-list. Step 1 has
 *     already encoded every "<" and ">", so no literal tag reaches this call
 *     and the allow-list has no visible effect.
 *
 * NOTE(review): the result is entity-encoded text, not a value that is safe to
 * concatenate into an SQL statement. addslashes() works byte-wise and knows
 * nothing about the database connection's character set (this file also
 * handles gb2312 text), so queries built from this value should bind it as a
 * parameter. The injectCheck() keyword filter is not applied here.
 *
 * @param string $str submitted value
 * @return string the processed string
 */
function check($str) {
	// Tags strip_tags() is asked to keep.
	$allowedTags = '<p><strong><b><em><i><strike><blockquote><u><h1><h2><h3><h4><h5><h6><img><li><ol><ul><span><div><br><ins><del><a><font>';

	$encoded = trim(strReplace($str));

	return strip_tags(addslashes($encoded), $allowedTags);
} //END func check

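/**
 * Encode the five HTML-special characters (& < > ' ") as entities.
 *
 * "&" is replaced first. Replacing it after "<" and ">" would re-encode the
 * ampersand of the entities just produced, so "<" would end up as "&amp;lt;"
 * and be shown to the user as the literal text "&lt;".
 *
 * str_replace() with arrays applies the pairs one after another in the order
 * given, and it works on bytes, so multi-byte text passes through unchanged.
 *
 * @param string $strResult text to encode
 * @return string the encoded text; an empty value is returned as it was given
 */
function strReplace($strResult) {
	if ($strResult != "") {
		$strResult = str_replace(
			array('&', '<', '>', "'", '"'),
			array('&amp;', '&lt;', '&gt;', '&#039;', '&quot;'),
			$strResult
		);
	}
	return $strResult;
}//END func strReplace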

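/**
 * Report whether a submitted value contains one of a fixed list of
 * SQL-related keywords or characters (case-insensitive).
 *
 * The list is: select, insert, update, delete, single quote, "/*", "*",
 * "../", "./", union, into, load_file, outfile.
 *
 * eregi() was removed in PHP 7.0, so the same alternation is matched with
 * preg_match() and the "i" modifier. "~" is used as the delimiter so the
 * slashes in the pattern need no escaping.
 *
 * NOTE(review): this is a deny-list. It rejects ordinary text that happens to
 * contain these words (for example "update" or an apostrophe) and it is not a
 * replacement for binding values as query parameters; treat it as an
 * additional signal at most.
 *
 * @param string $sqlStr submitted value
 * @return bool true when a listed token is found, false otherwise
 */
function injectCheck($sqlStr) {
	$pattern = '~select|insert|update|delete|\'|/\*|\*|\.\./|\./|union|into|load_file|outfile~i';

	return preg_match($pattern, $sqlStr) === 1;
}//END func injectCheck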

/**
 * Return the address of the peer that opened the connection.
 *
 * Only $_SERVER['REMOTE_ADDR'] is read; forwarded-for style request headers,
 * which a client can set freely, are not consulted. Behind a reverse proxy or
 * load balancer this value is therefore the proxy's address, not the end
 * user's.
 *
 * @return string the remote address, or 'unknown' when it is empty
 */
function getIP(){
	$remote = $_SERVER['REMOTE_ADDR'];

	return empty($remote) ? 'unknown' : $remote;
}//END func getIP

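/**
 * Print the header of a view: three module tabs, the current user's id and
 * nickname, and the "buy" and "change password" links.
 *
 * The tab whose code equals $paki is drawn as the active image without a link;
 * the other two are links to their module.
 *
 * Every value taken from $gLD (user_id, user_snick, sessionKey, BlackHole) is
 * HTML-escaped before it is written, both in text and inside href attributes,
 * so markup characters in those values cannot close the attribute or open a
 * tag. Escaping "&" to "&amp;" inside an href does not change the URL the
 * browser requests.
 *
 * NOTE(review): the values are not URL-encoded here, because this function
 * cannot tell whether they already arrive encoded - confirm, and apply
 * rawurlencode() per parameter if they are raw.
 * NOTE(review): every link carries sessionKey in the query string, where it
 * can end up in browser history, server logs and Referer headers - confirm
 * that is acceptable for this token.
 *
 * @param string $paki code of the active module: 'aa', 'bb' or 'cc'
 * @return void the HTML is written directly to the output
 */
function showHeader($paki){
	// Shared request/user context.
	global $gLD;

	// The page charset is not visible from this function. Naming a single-byte
	// charset makes htmlspecialchars() escape byte-wise, so UTF-8 or GBK text is
	// passed through intact instead of being rejected as invalid.
	$user_id = htmlspecialchars((string) $gLD['user_id'], ENT_QUOTES, 'ISO-8859-1');
	$nick = htmlspecialchars((string) $gLD['user_snick'], ENT_QUOTES, 'ISO-8859-1');

	// Common prefix of the in-app links; the module code is appended in the template.
	$linkBase = htmlspecialchars(
		"?black%20hole={$gLD['BlackHole']}&sessionKey={$gLD['sessionKey']}&uin={$gLD['user_id']}&module=",
		ENT_QUOTES,
		'ISO-8859-1'
	);

	// URI_BUY_KBAO is a configuration constant and is emitted as before; only the
	// dynamic suffix is escaped.
	$buyLink = URI_BUY_KBAO . htmlspecialchars(
		"&uin={$gLD['user_id']}&sessionKey={$gLD['sessionKey']}",
		ENT_QUOTES,
		'ISO-8859-1'
	);
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr valign="bottom">
	<td width="19%" align="left">
<?php 
	if ($paki == 'aa'){
?><img src="images/menu1b.gif" width="110" height="32" border="0" />
<?php }else { ?>
<a href="<?php echo $linkBase; ?>aa"><img src="images/menu1a.gif" width="110" height="32" border="0" /></a>
<?php } ?></td><td width="19%" align="left">

<?php 
	if ($paki == 'bb'){
?><img src="images/menu2b.gif" width="110" height="32" border="0" />
<?php }else { ?>
<a href="<?php echo $linkBase; ?>bb"><img src="images/menu2a.gif" width="110" height="32" border="0" /></a>
<?php } ?></td><td width="19%" align="left">

<?php 
	if ($paki == 'cc'){
?><img src="images/menu3b.gif" width="110" height="32" border="0" />
<?php }else { ?>
<a href="<?php echo $linkBase; ?>cc"><img src="images/menu3a.gif" width="110" height="32" border="0" /></a>
<?php } ?></td>

    <td width="20%" align="left">用户号码: <strong><?php echo $user_id; ?></strong><br />
	  用户昵称: <strong><?php echo $nick; ?></strong></td>
    <td width="19%" align="right">
      <a href="<?php echo $buyLink; ?>" target="_blank">
    	<img src="images/gfgm.gif" width="90" height="19" border="0" />
      </a><br />
      <a href="<?php echo $linkBase; ?>chgpswd" target="_self">
    	<img src="images/szmm.gif" width="90" height="19" border="0" />
      </a>
    </td>
  </tr>
</table>
<?php  
}//END func showHeader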

/*
Substring helper for multi-byte text (UTF-8 or a double-byte encoding such as gb2312).
cut_str(string, length, start, encoding);
encoding defaults to 'UTF-8', start defaults to 0.

UTF-8: the string is split into characters with a byte-level pattern and
$sublen characters are returned beginning at character $start. Bytes that do
not match the pattern (NUL, malformed sequences) are left out of the result.

Any other encoding: $start and $sublen are doubled and used as a byte window.
A byte greater than 129 is taken as the first byte of a two-byte character and
is copied together with the byte after it, so a single-byte character counts
as half a unit and a two-byte character that begins on the last byte of the
window is still copied whole.
*/
function cut_str($string, $sublen, $start = 0, $code = 'UTF-8') {
	if ($code != 'UTF-8') {
		$windowStart = $start * 2;
		$windowEnd = $windowStart + $sublen * 2;
		$byteCount = strlen ( $string );
		$piece = '';

		$pos = 0;
		while ($pos < $byteCount) {
			// A lead byte consumes two bytes, anything else one.
			$width = (ord ( substr ( $string, $pos, 1 ) ) > 129) ? 2 : 1;
			if ($pos >= $windowStart && $pos < $windowEnd) {
				$piece .= substr ( $string, $pos, $width );
			}
			$pos += $width;
		}
		return $piece;
	}

	// One alternative per UTF-8 sequence length (1 to 4 bytes).
	$pa = "/[\x01-\x7f]|[\xc2-\xdf][\x80-\xbf]|\xe0[\xa0-\xbf][\x80-\xbf]|[\xe1-\xef][\x80-\xbf][\x80-\xbf]|\xf0[\x90-\xbf][\x80-\xbf][\x80-\xbf]|[\xf1-\xf7][\x80-\xbf][\x80-\xbf][\x80-\xbf]/";
	preg_match_all ( $pa, $string, $chars );

	return implode ( '', array_slice ( $chars [0], $start, $sublen ) );
} //END cut_str
?>